authorgVisor bot <gvisor-bot@google.com>2020-10-29 21:38:24 +0000
committergVisor bot <gvisor-bot@google.com>2020-10-29 21:38:24 +0000
commit8f9a789489aa60b3e1e72b5410d3b321f4858bbb (patch)
tree2ee2e729b66e7a131ff907a66fb2cfbac580d75f /pkg/sentry/socket
parent38352c1de305a60c9591d37e57d616570100b03e (diff)
parent181fea0b58f2e13a469a34eb0b921b169d292a9d (diff)
Merge release-20201019.0-103-g181fea0b5 (automated)
Diffstat (limited to 'pkg/sentry/socket')
-rw-r--r--pkg/sentry/socket/netfilter/netfilter.go2
-rw-r--r--pkg/sentry/socket/netfilter/targets.go24
2 files changed, 16 insertions, 10 deletions
diff --git a/pkg/sentry/socket/netfilter/netfilter.go b/pkg/sentry/socket/netfilter/netfilter.go
index a237f8f6d..b283d7229 100644
--- a/pkg/sentry/socket/netfilter/netfilter.go
+++ b/pkg/sentry/socket/netfilter/netfilter.go
@@ -57,7 +57,7 @@ var nameToID = map[string]stack.TableID{
}
// DefaultLinuxTables returns the rules of stack.DefaultTables() wrapped for
-// compatability with netfilter extensions.
+// compatibility with netfilter extensions.
func DefaultLinuxTables() *stack.IPTables {
tables := stack.DefaultTables()
tables.VisitTargets(func(oldTarget stack.Target) stack.Target {
diff --git a/pkg/sentry/socket/netfilter/targets.go b/pkg/sentry/socket/netfilter/targets.go
index 2dea3b419..f2653d523 100644
--- a/pkg/sentry/socket/netfilter/targets.go
+++ b/pkg/sentry/socket/netfilter/targets.go
@@ -118,6 +118,10 @@ func (rt *returnTarget) id() targetID {
type redirectTarget struct {
stack.RedirectTarget
+
+ // addr must be (un)marshalled when reading and writing the target to
+ // userspace, but does not affect behavior.
+ addr tcpip.Address
}
func (rt *redirectTarget) id() targetID {
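Review bot: The comment on the new `addr` field in redirectTarget does not say that the value originates from the userspace rule blob or why it is retained, which matters to anyone auditing what user-controlled data the target carries. Something like `// addr is the redirect address userspace supplied with the rule; it is kept only so the rule reads back unchanged and is never consulted when handling packets.` would make the trust boundary explicit. It would also help to note that the field is unexported on purpose, so code outside this package cannot start depending on it.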
@@ -296,7 +300,7 @@ func (*redirectTargetMaker) unmarshal(buf []byte, filter stack.IPHeaderFilter) (
binary.Unmarshal(buf, usermem.ByteOrder, &rt)
// Copy linux.XTRedirectTarget to stack.RedirectTarget.
- target := redirectTarget{stack.RedirectTarget{
+ target := redirectTarget{RedirectTarget: stack.RedirectTarget{
NetworkProtocol: filter.NetworkProtocol(),
}}
@@ -326,7 +330,7 @@ func (*redirectTargetMaker) unmarshal(buf []byte, filter stack.IPHeaderFilter) (
return nil, syserr.ErrInvalidArgument
}
- target.Addr = tcpip.Address(nfRange.RangeIPV4.MinIP[:])
+ target.addr = tcpip.Address(nfRange.RangeIPV4.MinIP[:])
target.Port = ntohs(nfRange.RangeIPV4.MinPort)
return &target, nil
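Review bot: The address taken from the user-supplied range at `target.addr = tcpip.Address(nfRange.RangeIPV4.MinIP[:])` is now stored only to be echoed back, so a rule that names a redirect address is accepted and later reported as installed even though, per the new field comment, the address has no effect on packets. The earlier part of redirectTargetMaker.unmarshal is outside this hunk; if it does not already reject ranges that ask for address mapping, consider returning `syserr.ErrInvalidArgument` for a non-zero address. At minimum, add a comment on this line saying the value is intentionally ignored by the packet path. The same applies to `addr: tcpip.Address(natRange.MinAddr[:])` in the nfNATTargetMaker.unmarshal hunk.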
@@ -361,8 +365,8 @@ func (*nfNATTargetMaker) marshal(target target) []byte {
},
}
copy(nt.Target.Name[:], RedirectTargetName)
- copy(nt.Range.MinAddr[:], rt.Addr)
- copy(nt.Range.MaxAddr[:], rt.Addr)
+ copy(nt.Range.MinAddr[:], rt.addr)
+ copy(nt.Range.MaxAddr[:], rt.addr)
nt.Range.MinProto = htons(rt.Port)
nt.Range.MaxProto = nt.Range.MinProto
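Review bot: `copy(nt.Range.MinAddr[:], rt.addr)` and the matching MaxAddr line rely on copy stopping at the shorter operand, so an `rt.addr` whose length differs from the destination array is silently truncated or leaves trailing zero bytes in the structure handed back to userspace. In the visible hunks `rt.addr` is populated from an IPv4 `MinIP` in redirectTargetMaker.unmarshal and from `natRange.MinAddr` in nfNATTargetMaker.unmarshal, and it is not visible here which of those can reach this marshal path. If only the second can, a comment such as `// rt.addr was unmarshalled from a Range.MinAddr of the same size.` would record the invariant; otherwise an explicit length check before the copy is safer. The body of nfNATTargetMaker.marshal starts and ends outside the hunk.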
@@ -403,11 +407,13 @@ func (*nfNATTargetMaker) unmarshal(buf []byte, filter stack.IPHeaderFilter) (tar
return nil, syserr.ErrInvalidArgument
}
- target := redirectTarget{stack.RedirectTarget{
- NetworkProtocol: filter.NetworkProtocol(),
- Addr: tcpip.Address(natRange.MinAddr[:]),
- Port: ntohs(natRange.MinProto),
- }}
+ target := redirectTarget{
+ RedirectTarget: stack.RedirectTarget{
+ NetworkProtocol: filter.NetworkProtocol(),
+ Port: ntohs(natRange.MinProto),
+ },
+ addr: tcpip.Address(natRange.MinAddr[:]),
+ }
return &target, nil
}